Logo image
Back
System Call-Based Detection of Malicious Processes
Conference proceeding

System Call-Based Detection of Malicious Processes

Raymond Canzanese, Spiros Mancoridis, Moshe Kam and IEEE
2015 IEEE International Conference on Software Quality, Reliability and Security, pp 119-124
Aug 2015
DOI: https://doi.org/10.1109/QRS.2015.26

Abstract

Accuracy detection Detectors Feature extraction machine learning Malware Software Support vector machines system call analysis Training
System call analysis is a behavioral malware detection technique that is popular due to its promising detection results and ease of implementation. This study describes a system that uses system call analysis to detect malware that evade traditional defenses. The system monitors executing processes to identify compromised hosts in production environments. Experimental results compare the effectiveness of multiple feature extraction strategies and detectors based on their detection accuracy at low false positive rates. Logistic regression and support vector machines consistently outperform log-likelihood ratio and signature detectors as processing and detection methods. A feature selection study indicates that a relatively small set of system call 3-grams provide detection accuracy comparable to that of more complex models. A case study indicates that the detection system performs well against a variety of malware samples, benign workloads, and host configurations.

Metrics

13 Record Views
48 citations in Web of Science
64 citations in Scopus

Details

InCites Highlights

Data related to this publication, from InCites Benchmarking & Analytics tool:

Collaboration types
Domestic collaboration
Web of Science research areas
Computer Science, Software Engineering
Engineering, Electrical & Electronic
Logo image